Innovation Ecosystem/Opinion

The uneasy world of hacking in RI

What is a journalist’s responsibility?

Photo by Richard Asinof/File Photo

A participant, left, with R.I. Education Commissioner Angelica Infante-Green, in a "selfie" taken at the Making It Happen event on Saturday, Dec. 7, 2019.

By Richard Asinof
Posted 10/7/24
Exploring what the response should be when you learn that a business may have been hacked.
What is your responsibility as a journalist to cover the potential hacking of a major law firm as a news story? What is the best way to protect yourself and your sources from hacking efforts? How do you escape becoming paranoid when you read about the lengths that Steward Health Care’s Ralph de la Torre took to attack his critics?
Years ago, when I was a young journalist in Philadelphia, I interviewed Phil Ochs. I watched him get drunk before he took the stage at Grendel’s Lair, a nightclub on South Street. Ochs was attempting a comeback of sorts, and I decided not to write the story, because I did not want to write about his drunkenness and how he almost fell down on stage. Should I have written the story?

PROVIDENCE – “About 201 gigabytes of data allegedly stolen from the Providence Public School Department was released after the deadline to pay a $1 million ransom,” Rhode Island Current’s Alexander Castro reported in his story published on Sept. 25, 2024.

The headline for the story, “Hackers claim to have published data stolen from Providence Public School Department,” revealed the damage that the school department did not want to talk about in public. The story’s subhead captured the uncomfortable position the department’s superintendent, Javier Montanez, was put in: “After ransom deadline passes, superintendent acknowledges unauthorized network access and potential release of personal information.”

The Providence school district has been under state control since 2019, with oversight by the Rhode Island Department of Education – an arrangement that was renewed in August for up to another three years, as the Rhode Island Current reported.

School departments, it turns out, have become a frequent target of hackers – including the Nantucket, Mass., public schools, the Tucson Unified School District in Arizona, and the Minneapolis Public Schools in Minnesota, according to the Rhode Island Current.

The economics of hacking allegedly work like this, as one source told ConvergenceRI. Purveyors of the dark web hack into a corporation or agency database, acquire access to the personal data of the customers held by the system, and then demand a ransom payment.

If the business being hacked refuses to pay the ransom, the data is then released, another source told ConvergenceRI. In response, lawyers said to be representing the clients whose data was allegedly breached then sue the business whose data files were hacked.

As a result, the team of lawyers and insurers representing the hacked business become engaged in a time-consuming, expensive process to free up and regain access to the breached data.

To whom do you report a hacking expedition?    
Now, imagine if you received what appears to be a “phishing” expedition – an email claiming to be from a prominent attorney in a leadership position at a large Rhode Island law firm saying that there is a voice mail message for you.

The prominent attorney is someone you have done business with in the past – to be specific, whose law firm has been a subscriber to ConvergenceRI.

In response, you reach out to the prominent attorney, and ask for clarification by both email and by phone: Did you send me a voicemail? If you did not, has your computer system been hacked?

The attorney responds by email saying that their computer has been hacked. You follow up, asking for a phone conversation to confirm the content of the email, but do not get any further response.

Is this a news story?    
Maybe. Maybe not. Because you never will practice “gotcha” journalism, you resist the temptation of pursuing the story. You do, however, contact the Attorney General’s office, to let them know about the situation, as a way of protecting yourself and also as a way to let the chief law enforcement official in Rhode Island know about the apparent concerted effort to breach a major law firm operating in Rhode Island.

© convergenceri.com | subscribe | contact us | report problem | About | Advertise

powered by creative circle media solutions

Join the conversation

Want to get ConvergenceRI
in your inbox every Monday?

Type of subscription (choose one):
Business
Individual

We will contact you with subscription details.

Thank you for subscribing!

We will contact you shortly with subscription details.